Ransomware Detection using Markov Chain Models over File Headers

Cited by: 2
Authors
Bailluet, Nicolas [1]
Le Bouder, Helene [2]
Lubicz, David [3]
Affiliations
[1] ENS Rennes, Rennes, France
[2] OCIF IMT Atlantique Campus Rennes, Rennes, France
[3] DGA MI, Bruz, France
Source
SECRYPT 2021: PROCEEDINGS OF THE 18TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY | 2021
Keywords
Ransomware; Detection; Malware; Markov Chain; File Header;
DOI
10.5220/0010513104030411
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
In this paper, a new approach for the detection of ransomware based on the runtime analysis of their behaviour is presented. The main idea is to get samples by using a mini-filter to intercept write requests, then decide if a sample corresponds to a benign or a malicious write request. To do so, in a learning phase, statistical models of structured file headers are built using Markov chains. Then in a detection phase, a maximum likelihood test is used to decide if a sample provided by a write request is normal or malicious. We introduce new statistical distances between two Markov chains, which are variants of the Kullback-Leibler divergence, which measure the efficiency of a maximum likelihood test to distinguish between two distributions given by Markov chains. This distance and extensive experiments are used to demonstrate the relevance of our method.
Pages: 403 - 411
Number of pages: 9